The Analyst, Information Security Governance, Risk and Compliance will play a key role in safeguarding the organization's systems, networks, and data. The position is responsible for aiding in the design, development, and build of Information Security governance capabilities, and for participating in the management of these capabilities and supporting controls. In addition, this role will be responsible for acting as a trusted resource for other analysts in the organization.
Essential Responsibilities:
• Design, develop, implement, and provide ongoing support for a global Information Security Cryptography governance process, to ensure the compliance and effectiveness of various data protection controls, methods, procedures, and processes (i.e., cipher suites, encryption, key/secrets management, PKI, tokenization, transport layer security)
• Participate as one of several governance leads on a team of information security analysts
• Play a hands-on role in the engineering, implementation, and continuous improvement of governance processes to ensure data protection control objectives are effective
• Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
• Work closely with the Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
• Work independently in identifying opportunities to improve operational or other performance for Security, Information Technology and other functions across
• Work with Information Security engineers and API developers to drive program delivery
• Work with Information Security leaders to advance cryptography governance program development, maturity, and standards across the organization
• Serve as subject-matter expert to other team members in the Information Security organization
• Perform other duties and/or special projects as assigned
Qualifications/Requirements:
• Bachelor's degree in Computer Science/Engineering or related field OR High School Diploma/GED and a minimum of 4 years of experience in Technology with a minimum of 3 years in Information Security
• Certifications in audit, cloud, cybersecurity, governance, information security, privacy, risk preferred; AWS, GCP, GIAC, IAPP, ISC2, ISACA
• Excellent oral communication and writing skills. Adept at presenting complex topics, influencing and executing with timely/actionable follow-through
• Experience with legal and regulatory compliance standards such as GDPR, PCI DSS, SOX
• Experience with IT governance, risk, and compliance management in a global environment
• Experience with IT GRC/IRM platforms (i.e., Oracle, RSA Archer, MetricStream)
• Familiarity with ISMS and security frameworks, including NIST Cybersecurity Framework
• Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs
• Strong analytical and problem-solving skills with the ability to convert information into practical deliverables. Uses rigorous logic and methods to solve difficult problems.
Desired Characteristics:
• Ability to successfully manage working on multiple simultaneous projects
• Audit, compliance, data privacy, governance, risk background
• Creativity and individual thinking, and the ability to work both with a team and unsupervised
• Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure
• Good teamwork, oral and written communication
• Good understanding of security landscape as a whole
• Strong and efficient problem-solving and analytical skills, willingness to learn
• Information security background
• Knowledge of modern coding languages such as Python
• Knowledge of API development
• Knowledge of CI/CD pipelines
• Knowledge of encryption concepts, controls, technologies
• Knowledge of secrets management concepts, controls, technologies
• Knowledge of tokenization technologies
• Understanding of various cloud deployment/service models from a development, infrastructure and information security aspect